Description
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Remediation
References
https://github.com/nodejs/node/issues/7388
https://nodesecurity.io/advisories/120
Related Vulnerabilities
CVE-2021-28092 Vulnerability in maven package org.webjars.npm:is-svg
CVE-2017-11342 Vulnerability in npm package node-sass
CVE-2021-43306 Vulnerability in maven package org.webjars.npm:jquery-validation
CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom
CVE-2018-8032 Vulnerability in maven package org.apache.axis:axis